[j-nsp] M-series IPSEC / SP interface and VRF

Alex Arseniev alex.arseniev at gmail.com
Tue Nov 12 11:22:22 EST 2013


Yes

[edit]
aarseniev@m120# set services service-set SS1 ipsec-vpn-options local-gateway ?
Possible completions:
   <address>            Local gateway address
   routing-instance     Name of routing instance that hosts local gateway <=====!!!! CHECK THIS OUT!!!
aarseniev@m120> show version
Hostname: m120
Model: m120
JUNOS Base OS boot [10.4S7.1]

HTH
Thanks
Alex

On 12/11/2013 16:05, Scott Harvanek wrote:
> Anyone with any ideas on this?
>
> Scott H.
>
> On 11/9/13, 12:58 PM, Scott Harvanek wrote:
>> Is there a way to build an IPSec tunnel / service interface where the 
>> local gateway is NOT in the same routing-instance as the service 
>> interface?
>>
>> Here's what I'm trying to do;
>>
>> [ router A (SRX) ] == Switch / IS-IS mesh == [ router B m10i ]
>> [ st0.0 / VRF ] ================= [ sp-0/0/0.0 / VRF ]
>>
>> The problem is, I want sp-0/0/0.0 on router B in a VRF but NOT the 
>> outside interface on router B, I cannot commit unless the 
>> outside/local-gateway on the IPSec tunnel is in the same 
>> routing-instance as the service interface, is there a way around 
>> this? The SRX devices can do this without issue.
>>
>> service-set XXXX {
>>     interface-service {
>>         service-interface sp-0/0/0.0; <-- want this in a VRF
>>     }
>>     ipsec-vpn-options {
>>         local-gateway x.x.x.x; <-- default routing instance
>>     }
>>     ipsec-vpn-rules XXXX;
>> }
>>